Skip to main content

How to Enroll NixOS Devices into Swif.ai MDM

Updated over 2 weeks ago

Swif.ai supports NixOS as part of its Linux MDM platform, enabling centralized device management, policy enforcement, and compliance monitoring.


1. Prerequisites

  • A supported NixOS installation.

  • Admin/root privileges on the device.


2. Enrollment Methods

You can integrate Swif.ai with NixOS using either:

  1. Default NixOS Configuration

  2. Flake-based Configuration


3. Default NixOS Configuration

  1. Install by URL

    1. Configure swifteam settings in /etc/nixos/configuration.nix

      { config, pkgs, lib, ... }:

      let
      swifteamTarball = builtins.fetchTarball {
      url = "https://cdn.swifteam.com/st-agent-linux/{version}/nixos/swifteam.tar.gz";
      sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
      };
      in
      {
      imports = [
      (import "${swifteamTarball}")
      ];

      # Please fill in the required information in the configuration.
      services.swifteam = {
      enable = true;
      teamId = "{teamId}";
      name = "{name}";
      surname = "{surname}";
      email = "{email}";
      };
      }
    2. Rebuild NixOS

      $ sudo nixos-rebuild switch

    3. Reboot system

    4. Check if swif-agent.service is running

      $ sudo systemctl status swif-agent.service

    5. Import local generated files in /etc/nixos/configurations.nix

      {
      imports = [
      (import "${swifteamTarball}")
      ./swifteam
      ]
      }
    6. Rebuild NixOS again

      $ sudo nixos-rebuild switch

  2. Install by local path

    1. Download swifteam.tar.gz

      $ curl -OL https://cdn.swifteam.com/st-agent-linux/<version>/nixos/swifteam.tar.gz

    2. Create directory

      $ sudo mkdir /etc/nixos/swifteam

    3. Extract swifteam.tar.gz

      $ sudo tar -xzvf swifteam.tar.gz -C /etc/nixos/swifteam

    4. Configure swifteam settings in /etc/nixos/configurations.nix

      { config, pkgs, lib, ... }:

      {
      imports = [
      ./swifteam
      ];

      # Please fill in the required information in the configuration.
      services.swifteam = {
      enable = true;
      teamId = "{teamId}";
      name = "{name}";
      surname = "{surname}";
      email = "{email}";
      };
      }
    5. Rebuild NixOS

      $ sudo nixos-rebuild switch

    6. Reboot system

    7. Check if swif-agent.service is running

      $ sudo systemctl status swif-agent.service


4. Flake-based Configuration

  1. Install by URL

    1. Configure swifteam settings in flake.nix

      {
      inputs = {
      swifteamTarball = {
      url = "https://cdn.swifteam.com/st-agent-linux/{version}/nixos/swifteam.tar.gz";
      flake = false;
      };
      };

      outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
      nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
      modules = [
      (import "${swifteamTarball}")
      ({ ... }: {
      services.swifteam = {
      enable = true;
      teamId = "{teamId}";
      name = "{name}";
      surname = "{surname}";
      email = "{email}";
      nixRootPath = "{nixRootPath}";
      };
      })
      ];
      };
      };
      }
    2. Rebuild flake environment

      $ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

    3. Reboot system

    4. Check if swif-agent.service is running

      $ sudo systemctl status swif-agent.service

    5. Import local generated files in flake.nix

      {
      outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
      nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
      modules = [
      (import "${swifteamTarball}")
      ({ ... }: {
      services.swifteam = {
      enable = true;
      teamId = "{teamId}";
      name = "{name}";
      surname = "{surname}";
      email = "{email}";
      nixRootPath = "{nixRootPath}";
      };
      })
      ./swifteam
      ];
      };
      };
      }
    6. Rebuild flake environment again

      $ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

  2. Install by local path

    1. Download swifteam.tar.gz

      $ curl -OL https://cdn.swifteam.com/st-agent-linux/<version>/nixos/swifteam.tar.gz

    2. Create directory

      $ mkdir <nixRootPath>/swifteam

    3. Extract swifteam.tar.gz

      $ sudo tar -xzvf swifteam.tar.gz -C <nixRootPath>/swifteam

    4. Configure swifteam settings in flake.nix

      {
      outputs = { self, nixpkgs, swifteamTarball, ... }@inputs: {
      nixosConfigurations.swifteamHostname = nixpkgs.lib.nixosSystem {
      modules = [
      ./swifteam
      {
      services.swifteam = {
      enable = true;
      teamId = "{teamId}";
      name = "{name}";
      surname = "{surname}";
      email = "{email}";
      nixRootPath = "{nixRootPath}";
      };
      }
      ];
      };
      };
      }
    5. Rebuild flake system

      $ sudo nixos-rebuild switch --flake <nixRootPath>#<flakeHostname>

    6. Reboot system

    7. Check if swif-agent.service is running

      $ sudo systemctl status swif-agent.service


5. Verification

After rebuilding:

  1. Run to verify the Swif agent installation.

    $sudo systemctl status swif-agent.service
  2. Check the device’s status in Swif Console → Device Inventory.


6. Post-Enrollment Steps

  • Apply Policies: Security, compliance, or configuration policies can now be applied from the Swif console.

  • Remote Management: Use Swif’s features to lock, restart, shut down, or even erase a device if needed.

  • Software & OS Patch Management: Automate package updates on your Linux endpoints from one central location.

  • Summary of the NixOS support features:

    1. Script Installer —Flake-based Configuration: Install by URL or by local path

    2. Desktop App

    3. Disk Health

    4. Device Specifications

    5. Accounts

    6. Commands

    7. Applications

    8. Certificate

    9. Live terminal

    10. Package manager

    11. Password Policy

    12. Screensaver Policy

    13. Change Password

    14. Reboot

    15. Shutdown

    16. Device Lock

    17. Soft Wipe

    18. Remove Swif Agent

  • Swif's Desktop app compatibility: Used for in-app notification and compliance display

x86_64

arm_64

Ubuntu

Fedora

NixOS

X

Here is the notice that will be added to the help article, based on Jira issues ST-5966 and ST-5878, and referencing the work by Yoge Chou:


Notice: How the NixOS Rebuild Notification Works

When using Swif.ai MDM on NixOS devices, you may receive an in-app notification prompting you to run the nixos-rebuild command. This notification is designed to help you keep your device up to date with the latest configurations and security policies managed by your organization.

  • You will receive an email notification.

  • The in-app notification will appear in the desktop app, similar to update prompts you may have seen in other applications (e.g., Zoom).

  • You will be given a clear call-to-action (CTA) to run the rebuild command. There is also an option to “Skip for now” if you are not ready to proceed.

  • If you choose to skip, you can continue using your device as usual, but it is recommended to complete the rebuild at your earliest convenience to ensure compliance and security.

  • ARM support for NixOS is currently not available, but updates are being tracked.


This notice will be appended to the help article:

If you need any changes or a different format, let me know! 1

Sources


7. Troubleshooting

  • Check system logs for swifteam service errors:

    journalctl -u swifteam
  • Re-run nixos-rebuild if configuration changes are made.

Did this answer your question?